The Ultimate Insider Threat Intelligence Platform

Internal Threat Game Plan

Without an internal threat game plan, corporations leave a gaping hole in their security strategy. The average time it takes for a corporation to detect a data breach is over five months! If you have critical data to protect, having an incomplete internal threat strategy puts your corporation in significant jeopardy.

Proactive Endpoint Visibility & Analysis

With up to 60% of breaches coming from internal threats, it’s critical that corporations proactively monitor all endpoints for the rapid detection of internal breaches. Cerebral agents can be deployed on Windows, Mac and Android devices as well as Windows servers (prime targets for attackers posing as insiders, utilizing compromised credentials). Cerebral protects both physical and virtualized endpoints.

Detection Alone Is Not Enough

Data Breach Response (DBR) is critical to minimizing the impact of a breach. Once the alarm is sounded, how quickly can you react? Cerebral’s Time-Capsule DVR lets you see video of the incident, as it unfolded. This visibility allows you to immediately delineate false alarms from real threats and take immediate action with 100% confidence.

Integrated & Intelligent

Cerebral provides an end-to-end integrated internal threat intelligence platform that maximizes both security and efficiency while providing the concrete proof to take legal action.

1. Watching

Watching everything, all the time

Cerebral monitors all user activity at the endpoint, including:

Web Activity

Significantly more sophisticated than browser history, Veriato software records and maintains information about web activity, including web mail usage, file uploads and how long a user was engaged or active on a site.

Compromised Credentials

Cerebral watches access to workstations and servers for unusual access by IP addresses, geolocation and more.

Email Activity

Capture and analyze communication activity in traditional email clients as well as many popular webmail services. A searchable system of record that can be alerted and reported on.

Chat & IM Activity

Capture, scan, alert and report on communications activity occurring on commonly used messaging apps; creates a definitive record for compliance and investigative uses.

Psycholinguistics

Using computational linguistic analysis, Veriato can identify and categorize opinions expressed in email text, to determine the writer's sentiment and sentiment changes that can point towards disgruntled workers and possible security risks.

Network Activity

Autonomously captures connections made by applications, including ports used and bandwidth consumed as well as time and location of connection.

File & Document Tracking

Tracks activities on local, removable, and cloud storage, as well as print operations. See when files are created, edited, deleted, or renamed.

Keystroke Logging

When needed, the option to record every keystroke, including “hidden” characters and combinations, ensures you have the visibility you need into the activity of highly privileged users.

Application Activity

Captures all application usage to provide true reporting on which applications are being used, by whom, and for how long.

Geolocation

Data on the location of a mobile device can be tracked as well as configured to alert security when a user device enters a restricted location or moves outside a specified geographic area.

User Status

Produces an accurate record of session time and activity. Tracks log-on and log-off but does not rely on log-off to identify when session activity ends.

Dark Web Tracking

Be alerted when employees access .onion sites.

2. Analyzing

BIG DATA & AI

Second-by-second information gathering for all users on the network creates a big data scenario that not even the best security team could sift through. It’s like looking for a needle in thousands of ever-changing haystacks.

Veriato AI (UEBA) continually scrutinizes all users’ activity and sentiment, watching for anomalies in behavior compared with their personal baseline or that of the group.

Additionally, Cerebral will watch for outsiders trying to access the network with stolen credentials.

When Cerebral identifies a possible threat, it immediately notifies the security team. With an extremely low false positive rating (<2%), Cerebral’s alerting maximizes the efficiency of the security team by eliminating the need to have people constantly monitoring employees, hoping to find an issue.

With the average time of breach detection reaching over five months, it’s obvious that many companies are not receiving breach alerts. With the ultimate goal of keeping the compromised data securely in house, alerting is critical to rapidly locking down the breach.

4. Seeing

IMMEDIATELY SEE EXACTLY WHAT’S HAPPENING

Once an alert is received, Cerebral's Time-Capsule DVR gives you the ability to look directly at a video of the user’s screen.

The ability to see the user move their mouse across the screen as they open files, download data or surf the internet is invaluable in rapidly determining whether the user’s actions are benign, a hazardous mistake or deliberately malicious. You can scroll back and see what the user did 5 minutes, 5 hours or 5 weeks ago, letting you:

Act rapidly with 100% confidence

See the extent of the breach

See the attack strategy

See who their internal or external accomplices are

5. Reacting

Data Breach Response (DBR)

Respond With Speed & Confidence

Once a breach is identified, Cerebral’s video playback allows you to react immediately and with 100% confidence. There are no more lengthy investigations to determine what a network alert actually means. You can react in minutes, notifying HR, management, operational security and even law enforcement. Additionally, the ability to look at video from days, weeks or months ago allows you to investigate the attack strategy as well as identify accomplices, outside and inside the organization.

Taking Legal Action

Pictures are worth a thousand words, and nowhere is this more true than in the legal system. The Cerebral screen recordings can be exported as timestamped image or video files, creating vital evidence in inter-company disciplinary action as well as in legal proceedings. Veriato's detailed logs, reports, images and video evidence have been used in hundreds of cases worldwide to successfully prosecute malicious insiders.

The Human Factor

Humans are always the weakest link in any security strategy; therefore, user endpoint monitoring is crucial for insider threat security.

Cerebral agents can be deployed on Windows and Mac workstations, Windows Servers, as well as Android devices. They can be deployed in physical or virtualized environments.

Because it’s the users’ activity that we’re really concerned with (not the device), Cerebral will follow users from device to device, creating a cross-platform, network-wide analysis of all users.

Veriato in your environment

Light, Fast & Self Aware

Cerebral’s endpoint agent is very light and will not impact performance of the endpoint device or network traffic. The agent is intelligent and self-aware, slowing its processing and transmissions when it detects heavy workloads on the endpoint or traffic on the network. Additionally, if the agent health monitor encounters any issues on the endpoint, it will report back to the Cerebral management console.